Add auto-auth requirement to all admin pages

Instead ofhaving to explicitly decorate all methods with auth_protect()
use the fact all pages go through Page.__call__ to conditionally check
if the user is anoynous and set a default when instantiating AdminPage
so that all admin pages require authentication.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>

diff --git a/ipsilon/admin/common.py b/ipsilon/admin/common.py
index 19ca6ff..5928763 100755 (executable)
--- a/ipsilon/admin/common.py
+++ b/ipsilon/admin/common.py
@@ -19,7 +19,7 @@
 
 import cherrypy
 from ipsilon.util.page import Page
-from ipsilon.util.page import admin_protect, auth_protect
+from ipsilon.util.page import admin_protect
 
 
 class AdminPage(Page):
@@ -31,6 +31,7 @@ class AdminPage(Page):
             'Pragma': 'no-cache',
             'Expires': 'Thu, 01 Dec 1994 16:00:00 GMT',
         })
+        self.auth_protect = True
 
 
 class AdminPluginPage(AdminPage):
@@ -121,7 +122,6 @@ class Admin(AdminPage):
         self.url = '%s/%s' % (self.basepath, mount)
         self.menu = []
 
-    @auth_protect
     def root(self, *args, **kwargs):
         return self._template('admin/index.html',
                               title='Configuration',

diff --git a/ipsilon/admin/info.py b/ipsilon/admin/info.py
index 1ce06f1..cea6b0e 100755 (executable)
--- a/ipsilon/admin/info.py
+++ b/ipsilon/admin/info.py
@@ -3,7 +3,7 @@
 # Copyright (C) 2014  Ipsilon Contributors see COPYING for license
 
 import cherrypy
-from ipsilon.util.page import admin_protect, auth_protect
+from ipsilon.util.page import admin_protect
 from ipsilon.util.plugin import PluginObject
 from ipsilon.admin.common import AdminPluginPage
 from ipsilon.admin.common import AdminPage
@@ -112,7 +112,6 @@ class InfoPlugins(AdminPage):
                               enabled=ordered,
                               menu=self._master.menu)
 
-    @auth_protect
     def root(self, *args, **kwargs):
         return self.root_with_msg()
 

diff --git a/ipsilon/admin/login.py b/ipsilon/admin/login.py
index 62e0a0e..4645917 100755 (executable)
--- a/ipsilon/admin/login.py
+++ b/ipsilon/admin/login.py
@@ -18,7 +18,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import cherrypy
-from ipsilon.util.page import admin_protect, auth_protect
+from ipsilon.util.page import admin_protect
 from ipsilon.util.plugin import PluginObject
 from ipsilon.admin.common import AdminPluginPage
 from ipsilon.admin.common import AdminPage
@@ -144,7 +144,6 @@ class LoginPlugins(AdminPage):
                               enabled=ordered,
                               menu=self._master.menu)
 
-    @auth_protect
     def root(self, *args, **kwargs):
         return self.root_with_msg()
 

diff --git a/ipsilon/admin/providers.py b/ipsilon/admin/providers.py
index ce21e16..eea61e7 100755 (executable)
--- a/ipsilon/admin/providers.py
+++ b/ipsilon/admin/providers.py
@@ -19,7 +19,7 @@
 
 
 import cherrypy
-from ipsilon.util.page import admin_protect, auth_protect
+from ipsilon.util.page import admin_protect
 from ipsilon.providers.common import FACILITY
 from ipsilon.admin.common import AdminPluginPage
 from ipsilon.admin.common import AdminPage
@@ -57,7 +57,6 @@ class ProviderPlugins(AdminPage):
                               enabled=enabled_plugins,
                               menu=self._master.menu)
 
-    @auth_protect
     def root(self, *args, **kwargs):
         return self.root_with_msg()
 

diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index 1815ceb..f98b2d9 100755 (executable)
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -34,16 +34,6 @@ def admin_protect(fn):
     return check
 
 
-def auth_protect(fn):
-    def check(self, *args, **kwargs):
-        if UserSession().get_user().is_anonymous:
-            raise cherrypy.HTTPRedirect(self.basepath)
-        else:
-            return fn(self, *args, **kwargs)
-
-    return check
-
-
 class Page(Log):
     def __init__(self, site, form=False):
         if 'template_env' not in site:
@@ -53,6 +43,7 @@ class Page(Log):
         self.user = None
         self._is_form_page = form
         self.default_headers = dict()
+        self.auth_protect = False
 
     def _compare_urls(self, url1, url2):
         u1 = unquote(url1)
@@ -67,6 +58,9 @@ class Page(Log):
 
         self.user = UserSession().get_user()
 
+        if self.auth_protect and self.user.is_anonymous:
+            raise cherrypy.HTTPError(401)
+
         if len(args) > 0:
             op = getattr(self, args[0], None)
             if callable(op) and getattr(op, 'public_function', None):